ID de Prueba:	1.3.6.1.4.1.25623.1.0.57274
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0617
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0617. The Linux kernel handles the basic functions of the operating system. These new kernel packages contain fixes for the security issues described below: * a flaw in the proc file system that allowed a local user to use a suid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important) * a flaw in the SCTP implementation that allowed a local user to cause a denial of service (panic) or to possibly gain root privileges (CVE-2006-3745, Important) * a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes that allowed a remote authenticated user to cause a denial of service (filesystem panic) (CVE-2006-3468, Important) * a flaw in the restore_all code path of the 4/4GB split support of non-hugemem kernels that allowed a local user to cause a denial of service (panic) (CVE-2006-2932, Important) * a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT processing that allowed a remote user to cause a denial of service (crash) or potential memory corruption (CVE-2006-2444, Moderate) * a flaw in the DVD handling of the CDROM driver that could be used together with a custom built USB device to gain root privileges (CVE-2006-2935, Moderate) * a flaw in the handling of O_DIRECT writes that allowed a local user to cause a denial of service (memory consumption) (CVE-2004-2660, Low) * a flaw in the SCTP chunk length handling that allowed a remote user to cause a denial of service (crash) (CVE-2006-1858, Low) * a flaw in the input handling of the ftdi_sio driver that allowed a local user to cause a denial of service (memory consumption) (CVE-2006-2936, Low) In addition a bugfix was added to enable a clean reboot for the IBM Pizzaro machines. Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill Korotaev for reporting issues fixed in this erratum. All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0617.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-2660 BugTraq ID: 19665 http://www.securityfocus.com/bid/19665 Debian Security Information: DSA-1184 (Google Search) http://www.debian.org/security/2006/dsa-1184 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10165 http://www.redhat.com/support/errata/RHSA-2006-0617.html http://secunia.com/advisories/21605 http://secunia.com/advisories/22093 http://secunia.com/advisories/22174 Common Vulnerability Exposure (CVE) ID: CVE-2006-1858 18085 http://www.securityfocus.com/bid/18085 20185 http://secunia.com/advisories/20185 20671 http://secunia.com/advisories/20671 20716 http://secunia.com/advisories/20716 20914 http://secunia.com/advisories/20914 21045 http://secunia.com/advisories/21045 21179 http://secunia.com/advisories/21179 21476 http://secunia.com/advisories/21476 21498 http://secunia.com/advisories/21498 21605 22174 25696 http://www.osvdb.org/25696 ADV-2006-1893 http://www.vupen.com/english/advisories/2006/1893 ADV-2006-2554 http://www.vupen.com/english/advisories/2006/2554 DSA-1097 http://www.debian.org/security/2006/dsa-1097 DSA-1103 http://www.debian.org/security/2006/dsa-1103 MDKSA-2006:123 http://www.mandriva.com/security/advisories?name=MDKSA-2006:123 MDKSA-2006:150 http://www.mandriva.com/security/advisories?name=MDKSA-2006:150 RHSA-2006:0617 SUSE-SA:2006:042 http://www.novell.com/linux/security/advisories/2006_42_kernel.html SUSE-SA:2006:047 http://www.novell.com/linux/security/advisories/2006_47_kernel.html USN-302-1 http://www.ubuntu.com/usn/usn-302-1 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17 http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm linux-sctp-parameter-dos(26585) https://exchange.xforce.ibmcloud.com/vulnerabilities/26585 oval:org.mitre.oval:def:9510 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9510 Common Vulnerability Exposure (CVE) ID: CVE-2006-2444 1016153 http://securitytracker.com/id?1016153 18081 http://www.securityfocus.com/bid/18081 20182 http://secunia.com/advisories/20182 20225 http://secunia.com/advisories/20225 21035 http://secunia.com/advisories/21035 21136 http://secunia.com/advisories/21136 21983 http://secunia.com/advisories/21983 22082 http://secunia.com/advisories/22082 22093 22822 http://secunia.com/advisories/22822 25750 http://www.osvdb.org/25750 ADV-2006-1916 http://www.vupen.com/english/advisories/2006/1916 DSA-1183 http://www.debian.org/security/2006/dsa-1183 DSA-1184 MDKSA-2006:087 http://www.mandriva.com/security/advisories?name=MDKSA-2006:087 RHSA-2006:0437 http://www.redhat.com/support/errata/RHSA-2006-0437.html RHSA-2006:0580 http://www.redhat.com/support/errata/RHSA-2006-0580.html SUSE-SA:2006:064 http://www.novell.com/linux/security/advisories/2006_64_kernel.html VU#681569 http://www.kb.cert.org/vuls/id/681569 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.18 http://support.avaya.com/elmodocs2/security/ASA-2006-180.htm http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.16.y.git%3Ba=commit%3Bh=1db6b5a66e93ff125ab871d6b3f7363412cc87e8 linux-snmp-nathelper-dos(26594) https://exchange.xforce.ibmcloud.com/vulnerabilities/26594 oval:org.mitre.oval:def:11318 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11318 Common Vulnerability Exposure (CVE) ID: CVE-2006-2932 19664 http://www.securityfocus.com/bid/19664 28120 http://www.osvdb.org/28120 oval:org.mitre.oval:def:11410 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11410 Common Vulnerability Exposure (CVE) ID: CVE-2006-2935 18847 http://www.securityfocus.com/bid/18847 20060831 rPSA-2006-0162-1 kernel http://www.securityfocus.com/archive/1/444887/100/0/threaded 21298 http://secunia.com/advisories/21298 21614 http://secunia.com/advisories/21614 21695 http://secunia.com/advisories/21695 21934 http://secunia.com/advisories/21934 22497 http://secunia.com/advisories/22497 23064 http://secunia.com/advisories/23064 23788 http://secunia.com/advisories/23788 24288 http://secunia.com/advisories/24288 ADV-2006-2680 http://www.vupen.com/english/advisories/2006/2680 MDKSA-2006:151 http://www.mandriva.com/security/advisories?name=MDKSA-2006:151 RHSA-2006:0710 http://www.redhat.com/support/errata/RHSA-2006-0710.html RHSA-2007:0012 http://www.redhat.com/support/errata/RHSA-2007-0012.html RHSA-2007:0013 http://www.redhat.com/support/errata/RHSA-2007-0013.html SUSE-SA:2006:049 http://www.novell.com/linux/security/advisories/2006_49_kernel.html USN-331-1 http://www.ubuntu.com/usn/usn-331-1 USN-346-1 http://www.ubuntu.com/usn/usn-346-1 http://bugzilla.kernel.org/show_bug.cgi?id=2966 http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197670 https://issues.rpath.com/browse/RPL-611 linux-dvdreadbca-bo(27579) https://exchange.xforce.ibmcloud.com/vulnerabilities/27579 oval:org.mitre.oval:def:10886 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10886 Common Vulnerability Exposure (CVE) ID: CVE-2006-2936 19033 http://www.securityfocus.com/bid/19033 20060717 rPSA-2006-0130-1 kernel http://www.securityfocus.com/archive/1/440300/100/0/threaded 20703 http://secunia.com/advisories/20703 21057 http://secunia.com/advisories/21057 24547 http://secunia.com/advisories/24547 25226 http://secunia.com/advisories/25226 25683 http://secunia.com/advisories/25683 27119 http://www.osvdb.org/27119 ADV-2006-2841 http://www.vupen.com/english/advisories/2006/2841 SUSE-SA:2007:018 http://www.novell.com/linux/security/advisories/2007_18_kernel.html SUSE-SA:2007:021 http://www.novell.com/linux/security/advisories/2007_21_kernel.html SUSE-SA:2007:030 http://www.novell.com/linux/security/advisories/2007_30_kernel.html SUSE-SA:2007:035 http://www.novell.com/linux/security/advisories/2007_35_kernel.html http://www.kernel.org/git/?p=linux/kernel/git/gregkh/patches.git%3Ba=blob%3Bh=4b4d9cfea17618b80d3ac785b701faeaf60141f1%3Bhb=396eb2aac550ec55856c6843ef9017e800c3d656 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197610 linux-ftdi-sio-dos(27807) https://exchange.xforce.ibmcloud.com/vulnerabilities/27807 oval:org.mitre.oval:def:10265 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10265 Common Vulnerability Exposure (CVE) ID: CVE-2006-3468 19396 http://www.securityfocus.com/bid/19396 2006-0046 http://www.trustix.org/errata/2006/0046/ 21369 http://secunia.com/advisories/21369 21847 http://secunia.com/advisories/21847 22148 http://secunia.com/advisories/22148 SUSE-SA:2006:057 http://www.novell.com/linux/security/advisories/2006_57_kernel.html SUSE-SR:2006:021 http://www.novell.com/linux/security/advisories/2006_21_sr.html SUSE-SR:2006:022 http://www.novell.com/linux/security/advisories/2006_22_sr.html http://lkml.org/lkml/2006/7/17/41 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172 oval:org.mitre.oval:def:9809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9809 Common Vulnerability Exposure (CVE) ID: CVE-2006-3626 BugTraq ID: 18992 http://www.securityfocus.com/bid/18992 Bugtraq: 20060717 rPSA-2006-0130-1 kernel (Google Search) Debian Security Information: DSA-1111 (Google Search) http://www.debian.org/security/2006/dsa-1111 http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:124 http://www.osvdb.org/27120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10060 http://secunia.com/advisories/21041 http://secunia.com/advisories/21073 http://secunia.com/advisories/21119 http://secunia.com/advisories/21123 SuSE Security Announcement: SUSE-SA:2006:042 (Google Search) SuSE Security Announcement: SUSE-SA:2006:047 (Google Search) SuSE Security Announcement: SUSE-SA:2006:049 (Google Search) SuSE Security Announcement: SUSE-SR:2006:017 (Google Search) http://www.novell.com/linux/security/advisories/2006_17_sr.html https://usn.ubuntu.com/319-1/ http://www.ubuntu.com/usn/usn-319-2 http://www.vupen.com/english/advisories/2006/2816 XForce ISS Database: linux-proc-race-condition(27790) https://exchange.xforce.ibmcloud.com/vulnerabilities/27790 Common Vulnerability Exposure (CVE) ID: CVE-2006-3745 19666 http://www.securityfocus.com/bid/19666 20060822 Linux Kernel SCTP Privilege Elevation Vulnerability http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0600.html http://www.securityfocus.com/archive/1/444066/100/0/threaded 21576 http://secunia.com/advisories/21576 ADV-2006-3358 http://www.vupen.com/english/advisories/2006/3358 MDKSA-2007:025 http://www.mandriva.com/security/advisories?name=MDKSA-2007:025 http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.2 kernel-sctp-privilege-escalation(28530) https://exchange.xforce.ibmcloud.com/vulnerabilities/28530 oval:org.mitre.oval:def:10706 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10706
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.